In our April 2018 edition we summarised the Phase 2 AML/CFT legislation about to come into force. At that time, we mentioned that a second civil claim by the DIA had recently been before the High Court and we were waiting for the Court’s decision. The decision has now been released and it makes interesting reading.

In DIA v Qian DuoDuo (QDD) the DIA sought pecuniary penalties of $2.6m for numerous failures by QDD to comply with the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the Act). However, Powell J took a considerably more benign view of QDD’s conduct. He accepted that QDD had genuinely tried to comply with the Act and had relied heavily on advice provided by a consultant. Powell J also recognised that some of the Act’s requirements were confusing and that it was, to some degree, understandable that QDD had misunderstood its obligations. His Honour imposed a penalty of $356,000 on QDD.

The facts of this case contrast heavily with the facts of an earlier civil claim brought by the DIA (DIA v Ping An) where the Court imposed penalties of $5.29m. The case shows that where a reporting entity makes a genuine effort to comply with its obligations under the Act, the penalties for failure are likely to be significantly less than the eye-wateringly high penalties imposed in Ping An.

The BreachesAs a currency exchanger and money remitter, QDD is a reporting entity for the purposes of the Act. An investigation carried out by the DIA from early 2015 established that QDD had breached its obligations under the Act in four areas:

Failures in respect of risk assessments – QDD had carried out three annual risk assessments between 3 January 2013 and May 2015 which did not accurately record the nature of QDD’s money remittance business, including its business relationships, and in particular its relationship with six other money remitters. As a result, it failed to accurately identify the type of risks involved in QDD’s money remittance operations.

Failure to undertake enhanced customer due diligence (ECDD)– QDD did not carry out ECDD in relation to 796 large or complex transactions totalling in excess of $120 million and it carried out over 1,000 wire transfers with a total value in excess of $94 million.

Failure to undertake ongoing customer due diligence (CDD) in account monitoring– QDD did not undertake ongoing CDD and account monitoring with a result that over 1,300 transactions totalling in excess of $136 million were not subject to adequate scrutiny via account monitoring or ongoing CDD.

Failure to keep adequate records – QDD did not keep adequate records in respect of the “bulk” of the 1,300 transactions.

Following negotiations between the parties, QDD admitted the four identified breaches. The hearing before Justice Powell in the Auckland High Court was therefore to determine the appropriate penalty for the civil liability acts committed by QDD.

Powell J broadly adopted the approach utilised by Toogood J in Ping An with regard to setting the penalties, namely first assessing the seriousness of the civil liability acts to select a starting point and then considering aggravating and mitigating factors which might warrant imposition of a higher or lower penalty. Finally, a deduction was made to reflect any admission of liability and/or cooperation with the authorities.

Seriousness of QDD’s civil liability actsAs a starting point, his Honour accepted that on their face, the four civil liability acts accepted by QDD were serious and represented a significant degree of non-compliance with QDD’s AML obligations. However, ultimately his Honour found that the nature and extent of QDD’s civil liability acts cumulatively stood at the lower end of the spectrum.

In reaching this conclusion, his Honour took into account a number of matters around the specific failures, including the fact that there was genuine uncertainty in the AML regime at the relevant time with regard to who bears the obligation to complete CDD transactions where other reporting entities have the direct contact with the end customer. His Honour felt that the level of ambiguity present in this part of the Act at the time was relevant to his assessment of the nature and extent of the QDD civil liability acts.

A significant part of the judgment relates to the circumstances in which QDD’s civil liability acts occurred and, in particular, the fact that good faith reliance had been placed on advice from Starfish Consulting Ltd (Starfish), a consultant that QDD had engaged to advise it in respect of complying with the Act, and the DIA.

Starfish had drafted QDD’s three risk assessments and provided QDD with advice about what it had to do to comply with the AML/CFT regime, which QDD implemented. Throughout its three-year involvement, none of Starfish’s consultants identified flaws in the work or in QDD’s compliance. The failures in the risk assessments led to downstream breaches, namely an inability to identify risky transactions. In addition, QDD submitted that it also relied on the DIA’s feedback which included a desktop review of its compliance with the Act in April 2014. QDD submitted that it reasonably expected the DIA to raise any non-compliance issues at this time.

The DIA submitted that QDD only engaged external consultants so as to appear as if it was complying, rather than any genuine attempt to comply with its obligations under the AML Act. However, his Honour did not agree. He considered it was beyond any doubt that QDD relied heavily on Starfish to ensure AML/CFT compliance and that there was no indication that at any point it did not follow Starfish’s recommendations.

QDD’s reliance on Starfish, backed up by what QDD was told by the DIA following the desktop review and inspection in 2014, provided critical context to the civil liability acts. Accordingly, Powell J considered that it substantially reduced QDD’s culpability.

Overall, his Honour was satisfied that QDD’s liability was at the “lowest” end. He therefore concluded that the conduct reflected in the four civil liability acts did not require the imposition of a significant deterrent penalty on QDD.

He considered the starting point for each of the civil liability acts would be as follows:

Failures in respect of risk assessments = $225,000

Failure to undertake ECDD = $175,000

Failure to undertake ongoing CDD and account monitoring = $100,000

Failure to keep adequate records = $120,000

Total = $620,000

However, he considered it was necessary to adjust the starting points to avoid penalising QDD for the same conduct. It was acknowledged by the DIA that the failures in respect of the risk assessments and the failure to undertake ECDD did overlap. In addition Powell J considered it was clear that the failure of the risk assessments carried out by Starfish on behalf of QDD to identify the role of the six money remitters had led directly to the failure to carry out ECDD and ongoing monitoring in respect of those entities.

His Honour therefore considered that the starting points of the failures in respect of risk assessments, ECDD and CDD in going civil liability acts should be reduced to a total sum of $300,000 to avoid penalising what was substantially the same conduct. This, coupled with $120,000 for failing to keep adequate records, resulted in a final adjusted starting point of $420,000.

Aggravating/Mitigating FactorsThere were no mitigating factors and only one aggravating factor. QDD had provided the DIA with a number of misleading documents when the DIA was investigating. Powell J added $25,000 to the penalty to reflect QDD’s conduct.

Admission of Liability The parties had agreed a discount was appropriate for QDD’s admission of liability. His Honour considered a 20% discount to be appropriate.

When this was added to a starting point of $420,000 and the $25,000 uplift through QDD’s attempt to mislead the DIA, this gave a final pecuniary penalty of $356,000.

ConclusionThe High Court’s decision is significant as it indicates that a reporting entity’s clear intention to comply with the AML legislation is a significant mitigating factor in sentencing. Ping An had been an undefended case where serious compliance issues, with no real explanation for them, had been raised. Ping An had made no attempt to comply with the legislation at all. In contrast, QDD had made considerable attempts to comply with the AML legislation but unfortunately had been poorly advised by its consultant, Starfish.

The significantly lower penalty should give insurers and their clients some comfort that where genuine attempts have been made, even in situations of significant non-compliance, a much lower damages award is likely to be made. Certainly, with Ping An at one end and now Qian DuoDuo at the other, we have some useful sentencing parameters to refer to going forward.